Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • satans_methpipe@lemmy.world · 12 points · 15 hours ago (edited)

    On a new linux install or image I will always:

    • Make new user(s)
    • Set up the new user to sudo
    • Change ssh port
    • Change new user to authenticate ssh via key+password
    • Disable root ssh login
    • njordomir@lemmy.world · 6 points · 9 hours ago

      That’s more or less the advice I’ve gotten as well. I’ve also read good things about fail2ban which tries to ban sources of repeated authentication failures to prevent brute force password attempts. I’ve used it, but the only person who has managed to get banned is myself! I did get back in after the delay, but I’m happy to know it works.

    • stebator@lemmy.world · 3 points · 9 hours ago

      • Set up the new user to sudo

      I hope it is not a passwordless sudo; it is basically the same as root.
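
As an added example (not posted by anyone in this thread), here is a read-only audit script that checks an sshd_config and a sudoers file against the checklist above (root ssh login disabled, non-default port, key and password both required) and against the passwordless-sudo point. It also prints a hardened sshd drop-in that satisfies its own checks. Assumptions: port 2222 is an arbitrary placeholder, the main sshd_config includes `sshd_config.d/*.conf` (true on recent Debian/Ubuntu, not everywhere), and all sample files are constructed in a temp directory. The one rule worth knowing that the thread does not mention: sshd uses the first value it sees for a keyword, so a hardening line appended at the bottom of a file that already sets `PermitRootLogin yes` higher up changes nothing. The port change mostly cuts log noise from scanners; the key+password and root-login settings are what actually stop the kind of compromise the OP describes.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: paths are passed in, nothing on the
# running system is modified. Run against copies or the real files to see findings.

# Print the FIRST uncommented value of keyword $1 in file $2 (case-insensitive),
# mirroring sshd's first-match rule. Commented lines start with '#' so never match.
sshd_get() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# One line per checklist item, prefixed "ok:" or "FAIL:".
audit_sshd() {
    f="$1"
    v=$(sshd_get PermitRootLogin "$f")
    if [ "$v" = "no" ]; then echo "ok:   PermitRootLogin no"
    else echo "FAIL: PermitRootLogin is '${v:-<default prohibit-password>}', want no"; fi

    v=$(sshd_get Port "$f")
    if [ -z "$v" ] || [ "$v" = "22" ]; then echo "FAIL: Port is ${v:-22} (default)"
    else echo "ok:   Port $v"; fi

    # "publickey,password" means both must succeed, in that order.
    v=$(sshd_get AuthenticationMethods "$f")
    case "$v" in
        *publickey,password*) echo "ok:   AuthenticationMethods $v (key then password)" ;;
        *) echo "FAIL: AuthenticationMethods '${v:-<unset>}' does not require key+password" ;;
    esac

    # The password half of key+password needs PasswordAuthentication left on.
    v=$(sshd_get PasswordAuthentication "$f")
    if [ "$v" = "no" ]; then echo "FAIL: PasswordAuthentication no (breaks the password half)"; fi
}

# Number of FAIL lines for file $1 (0 means the file passes every check).
audit_sshd_failures() {
    audit_sshd "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Count uncommented NOPASSWD rules in a sudoers file: each one is a root-equivalent
# account with no password prompt, which is stebator's point above.
sudoers_nopasswd_count() {
    awk '/^[[:space:]]*#/ { next } /NOPASSWD/ { n++ } END { print n + 0 }' "$1"
}

# Drop-in that passes audit_sshd. Placeholder port; install it, run `sshd -t`, and keep
# an existing session open while you test a fresh login before restarting sshd.
hardened_sshd_dropin() {
    cat <<'EOF'
# Example drop-in for /etc/ssh/sshd_config.d/ (assumes the main file has
# "Include /etc/ssh/sshd_config.d/*.conf"). Name it so it sorts early: first match wins.
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
EOF
}

# Demo on constructed files: a stock-looking config (all defaults), the hardened drop-in,
# and a sudoers with one live NOPASSWD rule and one commented-out one.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#Port 22' '#PermitRootLogin prohibit-password' \
                  '#PasswordAuthentication yes' > "$dir/stock.conf"
    hardened_sshd_dropin > "$dir/hardened.conf"
    printf '%s\n' 'root ALL=(ALL:ALL) ALL' 'deploy ALL=(ALL) NOPASSWD: ALL' \
                  '# admin ALL=(ALL) NOPASSWD: ALL' > "$dir/sudoers"
    echo "== stock sshd_config ($(audit_sshd_failures "$dir/stock.conf") failures)"
    audit_sshd "$dir/stock.conf"
    echo "== hardened drop-in ($(audit_sshd_failures "$dir/hardened.conf") failures)"
    audit_sshd "$dir/hardened.conf"
    echo "== sudoers: $(sudoers_nopasswd_count "$dir/sudoers") passwordless sudo rule(s)"
    rm -rf "$dir"
}
demo
```

The stock config fails three checks (root login left at the default, port 22, no key+password requirement) and the drop-in passes all of them; the sudoers sample reports exactly one live NOPASSWD rule. Pair this with fail2ban as njordomir suggests if you keep password authentication enabled, and test a new login from a second terminal before closing the one you configured from.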